Dunedan · March 14, 2018 20:41 · Aug 18, 2015 · Aug 17, 2015 · Aug 17, 2015 · Aug 17, 2015
diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -7,7 +7,9 @@
 ## > This obfuscation is intended to discourage GitHub Enterprise customers
 ## > from making modifications to the VM.
 ##
-## Well, good, as long as its not intended to discourage me from doing this!
+## Well, good, as long as its not intended to discourage *me* from doing this!
+## After all, I'm not a GitHub Enterprise customer. I'm just some dude who
+## grabbed the .ova file off the internet!
 ##
 ## > We know this 'encryption' is easily broken.
 ##

diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/sudo bash
+#!/usr/bin/sudo sh
 
 ## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.
 

diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/sudo sh
+#!/usr/bin/sudo bash
 
 ## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.
 
@@ -73,10 +73,11 @@ touch -r $ruby_concealer_so.bak $ruby_concealer_so
 # This function takes the name of the file to be decrypted from stdin.
 # There's some weirdness with a couple (pre|post)-receive-hooks in earlier GHE
 # versions; these seem to like it a little better if one `cd`s to the directory
-# first. They still squawk a bit but seem to decrypt fine. We're avoiding a
-# temporary file by setting a variable containing the decrypted contents.
+# first, using bundler if necessary.
+# They still squawk a bit but seem to decrypt fine. We're avoiding a
+# temporary file by setting a variable containing the decrypted contents;
+# /bin/echo is necessary to avoid interpolating escaped newlines, etc.
 
-# This version is a little slow because we're using `bundle exec`, but its 
 ruby_revealer(){
   f=$(cat); cd $(dirname $f)
 
@@ -87,18 +88,14 @@ ruby_revealer(){
   r=$(ruby $(basename $f) 2>/dev/null ||
       bundle exec 'ruby $(basename $f) 2>/dev/null' 2>/dev/null)
 
-  r=$(echo "$r" | head -n -2)
+  r=$(/bin/echo "$r" | head -n -2)
 
   # If it has failed, move the original back.
   # (A few do, due to bugs *in the code* itself, I believe.)
-  [ $(echo "$r" | wc -c) -lt 2 ] && (rm -f $f && mv $f.bak $f) ||
-     (echo "$r" > $f && touch -r $f.bak $f && rm -f $f.bak)
+  [ $(/bin/echo "$r" | wc -c) -lt 2 ] && (rm -f $f && mv $f.bak $f) ||
+     (/bin/echo "$r" > $f && touch -r $f.bak $f && rm -f $f.bak)
 }
 
-# There's some weirdness with a couple (pre|post)-receive-hooks, which seem
-# to like it a little better if one `cd`s to the directory first.
-# They still squawk a bit but seem to decrypt fine.
-
 # Presto change-o.
 voila(){
   echo "One moment..." >&2 # While we grep through a bunch of other files...

diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -76,25 +76,23 @@ touch -r $ruby_concealer_so.bak $ruby_concealer_so
 # first. They still squawk a bit but seem to decrypt fine. We're avoiding a
 # temporary file by setting a variable containing the decrypted contents.
 
+# This version is a little slow because we're using `bundle exec`, but its 
 ruby_revealer(){
   f=$(cat); cd $(dirname $f)
 
   # Save the original.
   cp -p $f $f.bak
 
   # Output our replacement.
-  r=$(bundle exec ruby $(basename $f) 2>/dev/null ||
-                  ruby $(basename $f) 2>/dev/null)
+  r=$(ruby $(basename $f) 2>/dev/null ||
+      bundle exec 'ruby $(basename $f) 2>/dev/null' 2>/dev/null)
 
   r=$(echo "$r" | head -n -2)
 
-
   # If it has failed, move the original back.
   # (A few do, due to bugs *in the code* itself, I believe.)
   [ $(echo "$r" | wc -c) -lt 2 ] && (rm -f $f && mv $f.bak $f) ||
      (echo "$r" > $f && touch -r $f.bak $f && rm -f $f.bak)
-
-
 }
 
 # There's some weirdness with a couple (pre|post)-receive-hooks, which seem

diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -83,7 +83,9 @@ ruby_revealer(){
   cp -p $f $f.bak
 
   # Output our replacement.
-  r=$(bundle exec ruby $(basename $f)) || ruby $(basename $f)
+  r=$(bundle exec ruby $(basename $f) 2>/dev/null ||
+                  ruby $(basename $f) 2>/dev/null)
+
   r=$(echo "$r" | head -n -2)
 
 

diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -119,4 +119,4 @@ cleanup(){
 trap cleanup INT
 
 voila
-cleanup
+cleanup
diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -83,7 +83,7 @@ ruby_revealer(){
   cp -p $f $f.bak
 
   # Output our replacement.
-  r=$(bundle exec ruby $(basename $f) || ruby $(basename $f)
+  r=$(bundle exec ruby $(basename $f)) || ruby $(basename $f)
   r=$(echo "$r" | head -n -2)
 
 
@@ -92,7 +92,7 @@ ruby_revealer(){
   [ $(echo "$r" | wc -c) -lt 2 ] && (rm -f $f && mv $f.bak $f) ||
      (echo "$r" > $f && touch -r $f.bak $f && rm -f $f.bak)
 
- 
+
 }
 
 # There's some weirdness with a couple (pre|post)-receive-hooks, which seem

diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -60,13 +60,14 @@ HEZ/sCAAAAAARZWg=='
 ruby_concealer_so=$(find / -name ruby_concealer.so)
 
 # Find the corresponding ruby and put it in our PATH.
-export PATH=$(echo $ruby_concealer_so | sed s'|lib.*|bin|'):$PATH 
+export PATH=$(echo $ruby_concealer_so | sed s'|lib.*|bin|'):$PATH
 
 # Backup the original file.
-cp $ruby_concealer_so $ruby_concealer_so.bak
+mv $ruby_concealer_so $ruby_concealer_so.bak
 
 # Overwrite the original.
 echo "$ruby_revealer_so" | base64 --decode | xz -dc > $ruby_concealer_so
+touch -r $ruby_concealer_so.bak $ruby_concealer_so
 
 
 # This function takes the name of the file to be decrypted from stdin.
@@ -77,43 +78,45 @@ echo "$ruby_revealer_so" | base64 --decode | xz -dc > $ruby_concealer_so
 
 ruby_revealer(){
   f=$(cat); cd $(dirname $f)
-  
+
   # Save the original.
-  o=$(cat $(basename $f))
-  
+  cp -p $f $f.bak
+
   # Output our replacement.
-  r=$(ruby $(basename $f) | head -n -2)
-
-  # Overwrite the original...
-  echo "$r" > $f
-
-  # ...but if it has failed, write the original back.
+  r=$(bundle exec ruby $(basename $f) || ruby $(basename $f)
+  r=$(echo "$r" | head -n -2)
+
+
+  # If it has failed, move the original back.
   # (A few do, due to bugs *in the code* itself, I believe.)
-  [ $(wc -c < $f) -lt 2 ] && echo "$o" > $f
+  [ $(echo "$r" | wc -c) -lt 2 ] && (rm -f $f && mv $f.bak $f) ||
+     (echo "$r" > $f && touch -r $f.bak $f && rm -f $f.bak)
+
+ 
 }
 
 # There's some weirdness with a couple (pre|post)-receive-hooks, which seem
-# to like it a little better if one `cd`s to the directory first. 
+# to like it a little better if one `cd`s to the directory first.
 # They still squawk a bit but seem to decrypt fine.
 
 # Presto change-o.
 voila(){
   echo "One moment..." >&2 # While we grep through a bunch of other files...
 
-  for concealed in $(grep -rl __ruby_concealer__ /data 2>/dev/null); do
-    echo Revealing $concealed ... >&2; echo $concealed | ruby_revealer
+  for c in $(grep --include \*.rb -Rl __ruby_concealer__ /data 2>/dev/null); do
+    echo Revealing $c ... >&2; echo $c | ruby_revealer
   done
 }
 
 # Put the module back how we found it; be sure to use a redirect to
 # preserve permissions and modification dates, etc.
 cleanup(){
-  cat $ruby_concealer_so.bak > $ruby_concealer_so
-  rm $ruby_concealer_so.bak
+  cp -p $ruby_concealer_so.bak $ruby_concealer_so &&
+    rm -f $ruby_concealer_so.bak
 }
 
 # Make absolutely sure we put the .so back properly so we're not foobar'd.
 trap cleanup INT
 
 voila
-cleanup
+cleanup
diff --git a/ruby_revealer.sh b/ruby_revealer.sh
@@ -0,0 +1,119 @@
+#!/usr/bin/sudo sh
+
+## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.
+
+## From `strings ruby_concealer.so`:
+##
+## > This obfuscation is intended to discourage GitHub Enterprise customers
+## > from making modifications to the VM.
+##
+## Well, good, as long as its not intended to discourage me from doing this!
+##
+## > We know this 'encryption' is easily broken.
+##
+## Err, yeah. Just do a binary `s/eval/puts/`. Like this!
+
+# So...
+
+# A version of the ruby_concealer.so with just such a patch, xz'd and base64'd.
+ruby_revealer_so='
+/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4BfnCD1dAD+RRYRoPYmm2orhgzJO2QUBECVj1ssSLXULCO
+u4VR2ikjxchQNbmHH657uWGUHjncEu3kPs6K/1/Co5mEyIhDIbS/bptFYX+6ysuGr2qe3Bk3rv3NIx
+WhlvCMhgbNv7OXOnrcMZJB0nwb6AXTA4IG8Z6UwtDVtZkTzkJ/YbOh99Mb/HDhynIgRz0WjbZOQZH6
+ROPqGF4BK8iO58okHz/aQBKgdFnoyLCWvsY5P+x4agRvYbapHKdkG3dpcZVDSecYOXTgVPaH+ln47d
+F0uOhn22XPq01ueLSky1VwJAPV1YftJ9xC4V9DYrLwuC9wcv4DhfhoEakR0uzySCRDGdWW8x+6ptql
+qXoE5nQqdpOubKLqiZaTjE3XejV9sf5habmvS8D10vUI5Z4Tu7mQUvKoE3/FmnZVI2zVbHSGONA8g0
+k9LUKorBATSye8Gor3DzbsCBEVM2jRHWBvGBnlbjhuFus81EA1egk2sYCh+re6GHiSGsPIMLqnAwjS
+cpLAqQi9M+2Tg+hYCusmzTlt+wSbUajNkYMe6W5gNYEEUcTx7SjEPDGXDKsGSNrOJYeNAHAnpc1Vid
+x+iIldYCuZOWjJp/UFMW6QUyJZil88xR9TGstXd3EIPNY3XDQFRaIToymS1tLu/zcNQZbx70ndnesJ
+ugORINdK68kfPiP/6/xjIzXT5PPzQSm8TGKa8bajCJ7drRI+KgH8bfcRFdBWRPh3x2yxdlkIk+lwpH
++JtvI4qWPa44GlVrmx7vsBxTT4T0Oy1EWePExu108Wjj4E1BjWR1q2Wb0Vi0bEyZ8T3Kzx6e3QDw2O
+Hc14HiG5YdO9IoGS+UgWwp1Z+6GJuXUTHBONS/lTiC3wjXdK08UPRl8fXhbeHt6tagKQhp3FjP/Iyl
+6j8N6f0o3/aJ5medT5BBdAp7eJkLSASWQIAgTzfd+25y/LnvtWEMPH1G1KUeUDA91VZvl7oLTawpm7
+GWBDKKVqn+UidfG53ZcLXcEUegVWRQAwFcBon8KNi8uDsoFWD38nWW2VvXoHoglf1krXi3sawB5AxK
+IrAudhrn9c8cz4dWtMYqIRZj+IGeTr+QmA+8ygIsrSDd03CNMfOQBrK00EV5TpivScHRyLiW+24gVv
+xocvTlT+9F8XoLWwitCKRkf76+6znd/6kFDJgQ3gIcPEaxlfRFTw6VIfYnv3fY1VhvASnhLwe6hLNt
+nT+wkgHfAKZR7MJ+SWV5rjorO2NLrQBZWhL1LO/XSt7LnlwurkpyNjk1xpVb9EeCbbqTMhfMW/VQKx
+uqJNZhAb2KU7y1YFubKl024DyWuOtghGQ5ZZKtmfDwpib7KYN6VrlwGsGRP/N3bDqvcs72ylXhbGR8
+HnyGTlwQL11pqWWnhJBJET2VkpYwNAOJ+m0+BX/Ej0bcDSGMQhbhQ75b8BHVsd/5Hbx/B7mb0cq7O4
+50QECkanmBVRZ8ZROFgIGJHiYp6kC+zOOcQ8Roy5tCrThmB5fN9Fti5wZspVoUOYddyKbCyX4DBrNJ
+u3IL+mwXHrC8hk7s71QrxJ+AtrhBhxaGLHe6xb+jy5uvoUH8Ywicq0GNKeFoo1kgELu2/JJr0omBI4
+UKTWgG6qlRiXVspnZd3xpuWky0BKRVHf1KEXy+LFUYEkVe6prP8QT1mT/xCQuPod72INU7b0VEAQ6n
+X6iavj+5dbg2ZbWDO/yiqnVKkogodr5E5iUtinu+X0eKPJJflvTUZGBqKNxiZO9i3wvCpoZ5GoI89J
+JTGscsxEb7PQWhdTxCyw9nO0xyvT9M3a9iqbmd9TDXMHosynWz+jAizpRqwMA+vBnOitbsxeKJzN5n
+cPIIDwyumHBDyryFr41MHnIufRXzDw8VX0rddXLSPKbwyVq2ogA8mLP1j88FqO3EkfhCE/Jaxb/kJr
+BRp4RNyTi5bVwfz3teLsGCB2RspIFd2NQlzIVUPqTzmHNdQcsC6PeBA8cf/TkyS+6ppndLIYs2uT8N
+24e/r9APRskRS1BLO1bI1c9kvozyNZ8MVj9oZ/mDCVXdxBqxXQSyHib5HIQaBHerD1QxziBU68KXet
+BePKvjlhG+el4dV2DC0g0eJN/7NHHzTJnTLIj1DUxER76LJprZnI8VHpxT2ac/JkqddBMn9yrwWfw6
+ay0e+6AgKnFXpjkLvt3x5Y96yTcnxZQy9zzK5Y7+rWTEBXCc+vwcfDGo3TcclIMpDEc9ddRin4E2JK
+990Lxacz6FxvQh0VqEHPG8VNBd3QopN/v50cgs9AJtLatKhfZHLLVXvFA1N4yyBysl0eBqKhSHS+mQ
+g8efRUqQs3nAV4A3XiFGOI4rP7eTjrkcwcQ+HbGmLoYmRCH2mjBTexkldCw/wvkB7d9sRHbYgcJ5mL
+TUYD2p1H6v6UO46HRwsvK8+v90q6lMzPEp5ejfFWBK0YAC7xEBk+egqWndZ9XpZ9P3EMkPwvgJK6+R
+VPv5CaiO3V3jEjzTsnqFo+oRj1/rvG+JUkyA1DVVsftQNiXL/0I1pBbx6nnW2fG8IIdZj4cXQchV1R
+NTFR1hbhZobbAf4anPp5ewTYlcQQcsnswfeMywClTMdThS3X0BxUbuPwjl9h6hnmN2LWk0cH/Rr6Gc
+l5jpZr1dFGXYpVyaA7zFfVry/2hSPHUpZJeb+amqAZqd6RUocj5d1oKwfJ5D7tjJMkgfQ4aiV5XGQL
+EhPXzVaJXkk2PwQhRgUyh+cAvQWjOt+smlpAHTLnW7b8r0/1V1aJPmN9OMI5tshQD9UvkWCbpIg0cu
+Y6QK6t29oIcTo20qU0+gqg8auYrzJyoC3JGgj+gIo2B9AAAAAABA7jDAP3LMnQAB2RDoLwAAsmZetr
+HEZ/sCAAAAAARZWg=='
+
+# Find the existing .so (don't hardcode it).
+ruby_concealer_so=$(find / -name ruby_concealer.so)
+
+# Find the corresponding ruby and put it in our PATH.
+export PATH=$(echo $ruby_concealer_so | sed s'|lib.*|bin|'):$PATH 
+
+# Backup the original file.
+cp $ruby_concealer_so $ruby_concealer_so.bak
+
+# Overwrite the original.
+echo "$ruby_revealer_so" | base64 --decode | xz -dc > $ruby_concealer_so
+
+
+# This function takes the name of the file to be decrypted from stdin.
+# There's some weirdness with a couple (pre|post)-receive-hooks in earlier GHE
+# versions; these seem to like it a little better if one `cd`s to the directory
+# first. They still squawk a bit but seem to decrypt fine. We're avoiding a
+# temporary file by setting a variable containing the decrypted contents.
+
+ruby_revealer(){
+  f=$(cat); cd $(dirname $f)
+
+  # Save the original.
+  o=$(cat $(basename $f))
+
+  # Output our replacement.
+  r=$(ruby $(basename $f) | head -n -2)
+
+  # Overwrite the original...
+  echo "$r" > $f
+
+  # ...but if it has failed, write the original back.
+  # (A few do, due to bugs *in the code* itself, I believe.)
+  [ $(wc -c < $f) -lt 2 ] && echo "$o" > $f
+}
+
+# There's some weirdness with a couple (pre|post)-receive-hooks, which seem
+# to like it a little better if one `cd`s to the directory first. 
+# They still squawk a bit but seem to decrypt fine.
+
+# Presto change-o.
+voila(){
+  echo "One moment..." >&2 # While we grep through a bunch of other files...
+
+  for concealed in $(grep -rl __ruby_concealer__ /data 2>/dev/null); do
+    echo Revealing $concealed ... >&2; echo $concealed | ruby_revealer
+  done
+}
+
+# Put the module back how we found it; be sure to use a redirect to
+# preserve permissions and modification dates, etc.
+cleanup(){
+  cat $ruby_concealer_so.bak > $ruby_concealer_so
+  rm $ruby_concealer_so.bak
+}
+
+# Make absolutely sure we put the .so back properly so we're not foobar'd.
+trap cleanup INT
+
+voila
+cleanup
No results found